39 matches found
PT-2026-22894
SEPPmail Secure Email Gateway before version 15.0.1 decrypts inline PGP messages without isolating them from surrounding unencrypted content, allowing exposure of sensitive information to an unauthorized actor...
CVE-2024-55023
Weintek cMT-3072XH2 easyweb v2.1.53 on OS v20231011 contains a hardcoded encryption key, enabling potential access to sensitive information (CVE-2024-55023). Affected component: easyweb (Weintek). Underlying cause: hardcoded key disclosed in description. Documented impact: confidentiality impact ...
CVE-2025-65264
The kernel driver of CPUID CPU-Z v2.17 and earlier does not validate user-supplied values passed via its IOCTL interface, allowing an attacker to access sensitive information via a crafted request...
PT-2026-1862
Name of the Vulnerable Software and Affected Versions: Yonyou YonBIP versions prior to v3 Description: The LoginWithV8 interface in the series data application service system is susceptible to a path traversal issue. This allows unauthorized access to sensitive information within the system. The...
EUVD-2025-203565
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in SendPulse SendPulse Email Marketing Newsletter sendpulse-email-marketing-newsletter allows Retrieve Embedded Sensitive Data. This issue affects SendPulse Email Marketing Newsletter: from n/a through = 2.2.1...
PT-2025-48166
Name of the Vulnerable Software and Affected Versions: youlai-boot version 2.21.1 Description: An access control issue exists in the getUserFormData function. This allows unauthorized access to sensitive information belonging to other users. The issue involves insufficient restrictions on who can...
CVE-2025-41344
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'idarchivo' in '/backend/api/verArchivo.php'...
PT-2025-34657 · Dasan · Dasan Gpon Onu H660Wm +1
Name of the Vulnerable Software and Affected Versions: DASAN GPON ONU H660WM H660WMR210825 Description: An incorrect access control issue exists in the /cgi-bin/system diagnostic main.asp component, potentially allowing attackers to access sensitive information. Recommendations: At the moment,...
Netwrix Directory Manager Security Vulnerability
Netwrix Directory Manager is a group and user management software from Netwrix, Inc. A security vulnerability exists in Netwrix Directory Manager versions prior to 11.1.25162.02, which originates from sensitive information contained in data sent to authenticated users...
MediaWiki PageTriage Security Vulnerability
MediaWiki PageTriage is an extension of the MediaWiki Foundation. A security vulnerability exists in MediaWiki PageTriage that stems from exposing sensitive information to unauthorized actors, allowing authentication to be bypassed...
PT-2024-27944 · Ibm · Ibm Storage Defender
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue concerns the defender-sensor-cmd CLI in IBM Storage Defender, which does not validate the server name during registration and unregistration operations. This could...
CVE-2024-43257
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Nouthemes Leopard - WordPress offload media. This issue affects Leopard - WordPress offload media: from n/a through 2.0.36...
Kashipara Music Management System Security Vulnerability
Kashipara Music Management System is a music management system from Kashipara. A SQL injection vulnerability exists in Kashipara Music Management System v1.0, which originates from the lack of validation of the "id" parameter of /music/index.php?page=viewplaylist against external input SQL...
CVE-2022-32759
IBM Security Directory Integrator 7.2.0 and IBM Security Verify Directory Integrator 10.0.0 uses insufficient session expiration which could allow an unauthorized user to obtain sensitive information. IBM X-Force ID: 228565...
F5 BIG-IP Security Vulnerability
F5 BIG-IP is an application delivery platform from F5 USA that integrates network traffic management, application security management, load balancing and other functions. An information disclosure vulnerability exists in F5 BIG-IP Next CNF, which can be exploited by attackers to view sensitive...
PT-2024-25842 · Unknown · Robo Gallery
Name of the Vulnerable Software and Affected Versions: Robo Gallery versions 3.2.18 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who should not have access t...
WordPress Plugin Ultimate Gift Cards for WooCommerce Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability exists in...
PT-2024-22028 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: Jeewms versions 3.7 and earlier Description: A Directory Traversal issue allows a remote attacker to obtain sensitive information via the cgformTemplateController component. Recommendations: For Jeewms versions 3.7 and earlier, at the moment,...
CVE-2023-44312
Exposure of Sensitive Information to an Unauthorized Actor in Apache ServiceComb Service-Center. This issue affects Apache ServiceComb Service-Center before 2.1.0 include. Users are recommended to upgrade to version 2.2.0, which fixes the issue...
PT-2023-31881 · Unknown · Implecode Product Catalog Simple
Name of the Vulnerable Software and Affected Versions: impleCode Product Catalog Simple versions 1.7.6 and earlier Description: The issue is related to the exposure of sensitive information to an unauthorized actor. This is a problem where sensitive data is made available to individuals who shoul...